Can someone intercept payments when using Tap & Pay?

60-Second Summary

Contactless payment systems are designed with strong security measures; however, certain vulnerabilities can still be exploited. Understanding these risks and how to prevent them is crucial for safeguarding your financial information.

• How it works: Uses NFC technology with encrypted transactions and dynamic codes for added security.
• Risks: Methods like relay attacks, skimming devices, and eavesdropping are possible but hard to execute.
• Security features: Encryption, proximity requirements, and unique transaction codes provide strong safeguards.
• Other risks: If you lose your card, unauthorised users may make small purchases with a stolen card before it’s reported.

AMCO’s Top Security Tips

• Stay aware: Be cautious in crowded places to prevent unauthorized scans.
• Use mobile payments: Use apps like Apple Pay, Google Wallet for biometric security.
• Invest in protection: RFID-blocking wallets prevent unwanted scans.
• Stay educated: Learn how Tap & Pay works and stay updated on security developments.

Learn more & get details

To learn more about this subject, read our team’s full analysis below . . .

How does Tap & Pay work?

Tap & Pay relies on NFC, which is a short-range wireless communication technology that allows devices to exchange data over small distances. Some of Tap&Pay features include:

• NFC technology: Tap & Pay uses this technology to encrypted data exchange between your card or smartphone and the terminal.
• Proximity: A 4 cm proximity requirement enhances security by minimising interception risks.
• Unique code: Each transaction generates a unique, one-time code, preventing data reuse.

Potential risks of interception

Even though contactless payments are relatively safe, there are some risks associated with them, such as:

1. Relay Attacks

A relay attack occurs when hackers use two devices to intercept and extend the range of NFC signals, enabling fraudulent transactions. These attacks require complex equipment and are often detected by transaction restrictions or geolocation tracking.

2. Skimming Devices

Some thieves use hidden skimming devices on point-of-sale terminals to steal payment information from contactless cards. However, because Tap & Pay generates unique codes for each transaction, the stolen data can’t be used for fraud. Unlike traditional card skimming, which clones magnetic stripe cards, NFC technology’s dynamic nature makes this method less effective.

3. Eavesdropping

Eavesdropping involves an attacker trying to intercept NFC signals between a card or device and a terminal. However, due to NFC’s short range and encrypted data transmission, this is highly unlikely. The attacker would need to be just a few millimetres away and use sophisticated equipment to capture and decode the data.

4. Lost or Stolen Cards

Losing your contactless card is a likely risk. If someone with malicious intent finds it, they could make small purchases within the card’s contactless limit (typically £100 in the UK, or equivalent elsewhere) without requiring a PIN or signature. While this doesn’t involve interception, it underscores the importance of promptly reporting a lost or stolen card to your bank.

Security Features of Tap & Pay Systems

Tap & Pay systems provide numerous security elements to prevent unwanted access and limit risks, such as:

• Dynamic transaction codes: Each transaction creates a unique one-time code, preventing intercepted data from being repeated.

• Proximity requirement: NFC’s limited range prevents attackers from intercepting data unless they are very close to the payment device.

• Encryption: Tap & Pay transactions safeguard sensitive card data against interception and decryption.

• Transaction limits: Contactless payments may include transaction limits to prevent illegal transactions.
• Smartphone protection: Smartphones that enable contactless payments via applications such as Apple Pay or Google Wallet give an extra degree of protection. These devices employ biometric verification, such as fingerprints or face recognition to complete payments.

How to Stay Safe While Using Tap & Pay:

While the chance of interception is low, you may take extra efforts to keep your Tap & Pay transactions as safe as possible. Here are some strategies to keep your money secure:

1. RFID-Blocking wallets

Use RFID-Blocking Wallets to prevent unlawful reading of contactless cards when not in use. They are especially beneficial in crowded environments such as public transportation or events where you’re expected to stand close to other people.

2. Mobile payment security

If you’re using a smartphone for Tap & Pay, enable biometric authentication, such as fingerprint or facial recognition. This adds an extra layer of security that physical cards don’t have, ensuring only the authorised user can make transactions

3. Monitor your transactions

Keep an eye out for illegal transactions on your bank accounts and payment app notifications. Most banks allow you to set up quick notifications for each purchase, which makes it easier to detect fraudulent behaviour.

4. Report lost cards immediately

If your contactless card is lost or stolen, call your bank straight away to disable it and get a replacement.

5. Update your software

Keep your phone’s operating system and payment applications up to date for essential security fixes.

AMCO’s Recommendations

• Be aware of your surroundings. When using Tap & Pay in busy locations, be cautious and protect your card or device to avoid fraudulent scans.
• Pay digitally. For further protection, use mobile payment programs such as Apple Pay, Google Wallet, or Samsung Pay, which require biometric identification with each transaction.
• Invest in protection. RFID-blocking wallets are a simple but valuable investment that may protect you from future scanning attempts.
• Educate yourself. Understand how contactless payment systems work and keep up with current security issues. Knowledge is your most effective tool against fraud.